Summary: | app-admin/logcheck-1.3.18-r1 - /etc/cron.hourly/logcheck.cron: mkdir: cannot create directory '/var/lock/logcheck': Permission denied | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | yesi <yesi> |
Component: | Current packages | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
Status: | RESOLVED WONTFIX | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
yesi
2020-02-20 16:42:28 UTC
I cannot check whether there are any changes in v1.3.20. https://packages.debian.org/sid/logcheck

chmod 1777 /var/lock does not solve it: I keep getting the alerts from Cron.

ls -ldZ /var/lock /run /run/lock /run/lock/
drwxr-xr-x. 17 root root system_u:object_r:var_run_t 740 21 févr. 11:15 /run
drwxrwxrwt. 3 root uucp system_u:object_r:var_lock_t 60 21 févr. 10:27 /run/lock
drwxrwxrwt. 3 root uucp system_u:object_r:var_lock_t 60 21 févr. 10:27 /run/lock/
lrwxrwxrwx. 1 root root system_u:object_r:var_lock_t 9 13 juin 2018 /var/lock -> /run/lock

Subject: Cron <logcheck@localhost> if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck ; fi
mkdir: cannot create directory ‘/run/lock/logcheck’: Permission denied

Subject: Cron <root@localhost> run-parts /etc/cron.hourly
mkdir: cannot create directory ‘/var/lock/logcheck’: Permission denied
run-parts: /etc/cron.hourly/logcheck.cron exited with return code 1

I also got another alert:

From: added by portage for logcheck <logcheck@localhost>
Subject: Logcheck: localhost 2020-02-21 15:02 +0100 exiting due to errors
Warning: If you are seeing this message, your log files may not have been checked!
Details: Could not run logtail or save output
Check temporary directory: /tmp/logcheck.jlAm3G
Also verify that the logcheck user can read all files referenced in /etc/logcheck/logcheck.logfiles!
declare -x HOME="/tmp"
declare -x LANG="fr_FR.utf8"
declare -x LC_COLLATE="C"
declare -x LC_MESSAGES="en_US.UTF-8"
declare -x LOGNAME="logcheck"
declare -x MAILTO="root"
declare -x OLDPWD
declare -x PATH="/sbin:/bin:/usr/sbin:/usr/bin"
declare -x PWD="/tmp"
declare -x SHELL="/bin/sh"
declare -x SHLVL="2"
declare -x USER="logcheck"

cat /etc/logcheck/logcheck.logfiles
/var/log/auth.log
/var/log/messages
/var/log/cron.log
/var/log/daemon.log
/var/log/debug.log
/var/log/kern.log
/var/log/user.log

-rw-r-----. 1 root logcheck system_u:object_r:var_log_t 17468 21 févr. 15:02 /var/log/auth.log
-rw-r-----. 1 root logcheck system_u:object_r:cron_log_t 283639 21 févr. 15:41 /var/log/cron.log
-rw-r-----. 1 root logcheck system_u:object_r:var_log_t 35544 21 févr. 15:33 /var/log/daemon.log
-rw-r-----. 1 root logcheck system_u:object_r:var_log_t 36094 21 févr. 10:27 /var/log/debug.log
-rw-r-----. 1 root logcheck system_u:object_r:var_log_t 446565 21 févr. 14:41 /var/log/kern.log
-rw-r-----. 1 root logcheck system_u:object_r:var_log_t 1346819591 21 févr. 15:41 /var/log/messages
-rw-r-----. 1 root logcheck system_u:object_r:var_log_t 33352 21 févr. 14:41 /var/log/user.log

cat /var/log/cron.log |egrep 'Permission denied'
(CRON) This directory or file can't be watched (/var/spool/cron/crontabs): Permission denied
(CRON) This directory or file can't be watched (/etc/cron.d): Permission denied
(CRON) This directory or file can't be watched (/etc/crontab): Permission denied

drwxr-xr-x. 1 root root system_u:object_r:system_cron_spool_t 144 30 janv. 18:42 /etc/cron.d
-rw-r--r--. 1 root root system_u:object_r:system_cron_spool_t 476 12 nov. 15:14 /etc/crontab
drwx-wx--T. 1 root crontab system_u:object_r:cron_spool_t 52 12 nov. 15:14 /var/spool/cron/crontabs

su -s /bin/bash -c "/usr/sbin/logcheck -d" logcheck
D: [1582297218] Turning debug mode on
D: [1582297218] Sourcing - /etc/logcheck/logcheck.conf
D: [1582297218] Finished getopts c:dhH:l:L:m:opr:RsS:tTuvw
D: [1582297218] Trying to get lockfile: /run/lock/logcheck/logcheck.lock
D: [1582297218] Running lockfile-touch /run/lock/logcheck/logcheck.lock
D: [1582297219] logoutput called with file: /var/log/auth.log
D: [1582297219] Running /usr/sbin/logtail2 on /var/log/auth.log
D: [1582297219] logoutput called with file: /var/log/messages
D: [1582297219] Running /usr/sbin/logtail2 on /var/log/messages
D: [1582297245] logoutput called with file: /var/log/cron.log
D: [1582297245] Running /usr/sbin/logtail2 on /var/log/cron.log
D: [1582297245] logoutput called with file: /var/log/daemon.log
D: [1582297245] Running /usr/sbin/logtail2 on /var/log/daemon.log
D: [1582297245] logoutput called with file: /var/log/debug.log
D: [1582297245] Running /usr/sbin/logtail2 on /var/log/debug.log
D: [1582297245] logoutput called with file: /var/log/kern.log
D: [1582297245] Running /usr/sbin/logtail2 on /var/log/kern.log
D: [1582297245] logoutput called with file: /var/log/user.log
D: [1582297245] Running /usr/sbin/logtail2 on /var/log/user.log
D: [1582297245] Sorting logs
D: [1582297283] Setting the Intro
D: [1582297283] Checking for security alerts
D: [1582297283] greplogoutput: kernel
D: [1582297284] greplogoutput: rlogind
D: [1582297285] greplogoutput: rsh
D: [1582297286] greplogoutput: smartd
D: [1582297287] greplogoutput: tftpd
D: [1582297288] greplogoutput: uucico
D: [1582297289] greplogoutput: returning 1
D: [1582297289] Checking for security events
D: [1582297289] greplogoutput: kernel
D: [1582297290] greplogoutput: logcheck
D: [1582297290] greplogoutput: smartd
D: [1582297290] greplogoutput: su
D: [1582297290] greplogoutput: Entries in checked
D: [1582297290] cleanchecked - file: /tmp/logcheck.EcXEoe/violations-ignore/logcheck-su
D: [1582297291] greplogoutput: sudo
D: [1582297291] greplogoutput: Entries in checked
D: [1582297291] cleanchecked - file: /tmp/logcheck.EcXEoe/violations-ignore/logcheck-sudo
D: [1582297291] report: cat'ing - Security Events for sudo
D: [1582297291] greplogoutput: returning 0
D: [1582297291] Checking for system events
D: [1582297292] cleanchecked - dir - /tmp/logcheck.EcXEoe/ignore
D: [1582297292] cleanchecked - dir - /tmp/logcheck.EcXEoe/ignore/acpid
cat: write error: No space left on device
D: [1582297292] error: Killing lockfile-touch - 25887
D: [1582297292] error: Removing lockfile: /run/lock/logcheck/logcheck.lock
D: [1582297292] Error: Could not output to TMPDIR/checked.1.
/usr/sbin/logcheck: line 164: cannot create temp file for here-document: No space left on device
D: [1582297292] cleanup: Removing - /tmp/logcheck.EcXEoe

FILESYSTEM              (=) USED    FREE (-)   %USED  AVAILABLE  TOTAL   MOUNTED ON
devtmpfs                [--------------------]  0,0%  10,0M      10,0M   /dev
tmpfs                   [=-------------------]  1,0%  7,7G       7,8G    /dev/shm
tmpfs                   [=-------------------]  0,0%  7,8G       7,8G    /run
/dev/mapper/gnu-rootfs  [=======-------------]  33,6% 303,8G     457,8G  /
cgroup_root             [--------------------]  0,0%  10,0M      10,0M   /sys/fs/cgroup
/dev/mapper/gnu-rootfs  [=======-------------]  33,6% 303,8G     457,8G  /home
/dev/mapper/gnu-rootfs  [=======-------------]  33,6% 303,8G     457,8G  /boot
/dev/mapper/gnu-rootfs  [=======-------------]  33,6% 303,8G     457,8G  /opt
/dev/mapper/gnu-rootfs  [=======-------------]  33,6% 303,8G     457,8G  /var
/dev/mapper/gnu-rootfs  [=======-------------]  33,6% 303,8G     457,8G  /var/log
/dev/mapper/gnu-rootfs  [=======-------------]  33,6% 303,8G     457,8G  /var/tmp
tmpfs                   [=-------------------]  0,0%  4,0G       4,0G    /tmp
none                    [=-------------------]  0,0%  7,8G       7,8G    /run/user/1000

Changelog: https://metadata.ftp-master.debian.org/changelogs//main/l/logcheck/logcheck_1.3.20_changelog

It seems that there are no changes in v1.3.20 that could correct this in the Gentoo version 1.3.18-r1.

I've solved some alerts with SELinux:

allow system_cronjob_t var_lock_t:dir create;
allow system_cronjob_t var_lib_t:file { read write open };
allow system_cronjob_t var_lock_t:dir setattr;
allow system_cronjob_t self:cap_userns sys_ptrace;
allow system_cronjob_t self:capability sys_ptrace;

But it seems that this one has nothing to do with SELinux:

From: "(Cron Daemon)" <logcheck@localhost>
Subject: Cron <logcheck@localhost> if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
mkdir: cannot create directory ‘/run/lock/logcheck’: Permission denied

ll /var/lock/
drwxr-xr-x. 2 logcheck logcheck 40 27 févr. 12:02 logcheck
drwx------. 2 root root 40 27 févr. 10:34 lvm

ll /var/lock/ -dZ
drwxrwxr-x. 4 root uucp system_u:object_r:var_lock_t 80 27 févr. 11:01 /var/lock/

ll /var/lock
lrwxrwxrwx. 1 root root 9 13 juin 2018 /var/lock -> /run/lock

ll /run/lock/ -dZ
drwxrwxr-x. 4 root uucp system_u:object_r:var_lock_t 80 27 févr. 11:01 /run/lock/

/run is mounted on a tmpfs filesystem.
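
A small check for the two `/run/lock` listings in the report, added here as an example and not part of the original bug report: it reads the mode, owner and group from an `ls -ld` line and says whether the mode bits alone let a user create a directory there, which separates a plain permission problem from an SELinux denial. It assumes the `logcheck` user belongs only to the `logcheck` group; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the bug report). Function names are illustrative.

# The two `ls -ldZ` lines for /run/lock quoted in the report.
LS_FEB21='drwxrwxrwt. 3 root uucp system_u:object_r:var_lock_t 60 21 févr. 10:27 /run/lock'
LS_FEB27='drwxrwxr-x. 4 root uucp system_u:object_r:var_lock_t 80 27 févr. 11:01 /run/lock/'

# Succeeds if a permission triplet ("rwx", "r-x", "rwt", ...) grants both
# write and search, which mkdir needs on the parent directory.
# "t"/"s" carry the execute bit; "T"/"S" do not.
triplet_allows_create() {
    case $1 in
        ?w[xst]) return 0 ;;
        *)       return 1 ;;
    esac
}

# dac_check LS_LINE USER "GROUP1 GROUP2 ..."
# Prints dac-allow or dac-deny from the mode bits alone. ACLs, capabilities
# and root's override are not modelled.
dac_check() {
    ls_line=$1 user=$2 user_groups=$3
    set -f                  # no globbing while the line is split into fields
    set -- $ls_line         # $1=mode $2=links $3=owner $4=group
    set +f
    mode=$1 owner=$3 group=$4
    if [ "$user" = "$owner" ]; then
        cols=2-4            # owner triplet
    else
        case " $user_groups " in
            *" $group "*) cols=5-7 ;;   # group triplet
            *)            cols=8-10 ;;  # other triplet
        esac
    fi
    if triplet_allows_create "$(printf '%s\n' "$mode" | cut -c"$cols")"; then
        echo dac-allow
    else
        echo dac-deny
    fi
}

# Name the layer to look at first after mkdir returned "Permission denied".
classify_denial() {
    if [ "$(dac_check "$1" "$2" "$3")" = dac-deny ]; then
        echo "DAC: mode bits and ownership of the parent directory"
    else
        echo "MAC: mode bits allow it, check SELinux AVC denials"
    fi
}

# Assumption: logcheck is a member of the logcheck group only.
echo "21 Feb: $(classify_denial "$LS_FEB21" logcheck logcheck)"
echo "27 Feb: $(classify_denial "$LS_FEB27" logcheck logcheck)"
```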